Content data delivery system, and method for delivering an encrypted content data

ABSTRACT

A handheld device is configured to be connectable to a storage media that holds a unique media identifier and holds a content key data used to decrypt an encrypted content data. A content data delivery system is provided that is configured to be able to deliver various data to the handheld device and to make a content data available to the handheld device. The system includes a member-registration information database that holds member-registration information including a data pair of a handheld-device identifier related to the relevant handheld device and the relevant media identifier. The media identifier held by the storage media is verified with the member-registration information database.

CROSS REFERENCE TO RELATED APPLICATIONS

This application is a continuation application of U.S. patentapplication Ser. No. 11/505,820, filed Aug. 18, 2006, which is based onand claims the benefit of priority from prior Japanese PatentApplication No. 2005-237259, filed on Aug. 18, 2005, the entire contentof which are incorporated herein by reference.

BACKGROUND OF THE INVENTION

1. Field of the Invention

The present invention relates to a content data delivery system and amethod for delivering an encrypted content data, more particularly, to acontent data delivery system and a method that delivers a content datato a storage media connected to a handheld device such as a mobilephone.

2. Description of the Related Art

With the recent development of the information society, a contentdelivery system has become commonly used that delivers to a userterminal a content such as an electronic book, a newspaper, music, amotion picture or the like and makes the content available to the user(see, for example, Japanese application patent laid-open publication No.2004-350150). The user may use the personal computer connectable to theInternet to access the Internet website for content delivery, anddownload a content at a cost or at no cost. The personal computer usedfor the download may itself play the downloaded content data. It is alsobecoming common to copy the downloaded content data to a handheld devicesuch as a mobile phone terminal or a portable music player and to playthe data.

Even when playing the high-quality music on the mobile phone terminal,the current content delivery system cannot download the content datadirectly to the mobile phone terminal, and instead needs to acquire thecontent data via the personal computer. It is convenient for the userhaving no personal computer but only a mobile phone terminal to be ableto use the content delivery system only via the mobile phone terminalwithout using the personal computer. The content delivery provider mayalso have advantages that more users will use the delivery system andmore business opportunities will be created.

Using the content delivery system only via the mobile phone terminal hasproblems with lower communication speed of the mobile phone network andwith more difficult management of the purchased content data. In otherwords, using the content delivery system via the personal computer mayeasily manage a large amount of content data using content datamanagement software or the like on the computer. For example, thepersonal computer may hold and manage a large amount of content data byorganizing the data per category, artist, or the like. From the librarythus organized, a favorite content data may be transferred to and usedon the handheld device of a small storage capacity as appropriate. Whenthe user becomes bored with the transferred content data, the user maycopy another favorite content data from the library and play it.

Receiving the content data delivery only via the mobile phone terminalhas a problem that it is difficult to appropriately hold and manage alarge amount of content data because of the insufficient capacity of theSD memory card used as the storage media and because of the small screenof the display in the handheld device or the like. For a data that hasbeen dissipated or deleted, the relevant content data needs to bepurchased again, thereby providing disadvantage and poor economy to theuser.

SUMMARY OF THE INVENTION

According to an aspect of this invention, there is provided a contentdata delivery system configured to be able to deliver various data to ahandheld device and to make a content data available to above-describedhandheld device, above-described handheld device being configured to beconnectable to a storage media that holds a unique media identifier andholds a content key data used to decrypt an encrypted content data,above-described content data delivery system comprising: amember-registration information database that holds member-registrationinformation including a data pair of a handheld-device identifierrelated to above-described handheld device and above-described mediaidentifier; a verification portion that reads above-described mediaidentifier held by storage media and verifies above-described mediaidentifier with above-described member-registration informationdatabase; a storage condition determination portion that, whenabove-described verification portion determines that above-describedmedia identifier corresponds to above-described member-registrationinformation, reads above-described content key data held in storagemedia, and determines whether an encrypted content data corresponding toread content key data is stored in above-described storage media orother storage media coupled to above-described storage media; a displayportion that displays a determination result of above-described storagecondition determination portion; and a transfer portion that transfersabove-described encrypted content data to above-described storage mediaor above-described other storage media depending on user's specificationof above-described storage media.

According to an aspect of this invention, there is provided a method fordelivering an encrypted content data to a handheld device, said handhelddevice being configured to be connectable to a storage media that hold amedia identifier unique to the storage media and a content key data usedto decrypt the encrypted content data, said method comprising thefollowing:

storing in a database member-registration information including a datapair of a handheld-device identifier related to the handheld device andthe media identifier;

verifying that the media identifier is stored in the database afterreading the media identifier of the storage media;

determining whether an encrypted content data corresponding to thecontent key data is stored in the storage media or other storage media,when the media identifier is verified that it is stored in the database;and

transferring the encrypted content data corresponding to the content keydata to the storage media or the other storage media, when the storagemedia or other storage media do not contain the encrypted content data.

BRIEF DESCRIPTION OF THE DRAWINGS

FIG. 1 is a schematic diagram of the configuration of a content datadelivery system of a first embodiment of the present invention.

FIG. 2 is a block diagram of the internal configuration of the storeterminal 30 in FIG. 1.

FIG. 3 shows an example of a data stored in a member-registrationinformation database 41.

FIG. 4 shows an example of a data stored in a member content-keydatabase 47.

FIG. 5 is a flowchart of an operation procedure of the content datadelivery system of an embodiment of the present invention.

FIG. 6 is an example of a display of the display portion 31 of the storeterminal 30.

FIG. 7 is another example of a display of the display portion 31 of thestore terminal 30.

FIG. 8 is another example of a display of the display portion 31 of thestore terminal 30.

FIG. 9 is an example of a variant of an embodiment of the presentinvention.

DETAILED DESCRIPTION OF THE EMBODIMENTS

With reference to the accompanying drawings, a description is givenbelow of the embodiments of the present invention.

FIG. 1 is a schematic diagram of the entire configuration of a contentdata delivery system of the present embodiment. The user carries ahandheld device 10 such as a mobile phone terminal, and an SD memorycard 20 that is a storage media connectable to the handheld device 10. Astore (or shop) terminal 30 and a server 40 are provided as a systemthat delivers a content data C and a content key data Kc to the handhelddevice 10 and SD memory card 20.

The SD memory card 20 is an example of the secure storage media thatsecurely stores the data. The SD memory card 20 includes a system area21, a hidden area 22, a protected area 23, a user data area 24, and anencryption/decryption portion 25. Each of the areas 21 to 24 stores adata. Specifically, the SD memory card 20 stores, in a system area 21,key management information media key block (MKB) and a media identifierIDm. The hidden area 22 stores a media-specific key data Kmu. Theprotected area 23 stores an encrypted user key data Enc (Kmu: Ku). Theuser data area 24 stores a content key data Enc (Ku: Kci) encrypted withthe user key Ku and a content data Ci (Enc (Kci: Ci)) encrypted with thecontent key data Kci. Note that the Enc (A: B) means herein a data Bencrypted with a data A. The user key Ku is the encryption/decryptionkey for the content key Kci. The user key Ku is used in common for aplurality of encrypted content keys Enc (Ku, Kc1), Enc (Ku, Kc2) . . .in the same SD memory card 20.

The system area 21 is read-only and accessible from the outside of theSD memory card 20. The hidden area 22 is also read-only and is an areato which the SD memory card 20 itself refers. The hidden area 22 isnever accessible from the outside of the SD memory card 20. Theprotected area 23 may be read/written from the outside of the SD memorycard 20 if the user is successfully authenticated. The user data area 24may be freely read/written from the outside of the SD memory card 20. Itis supposed in this embodiment that the user data area 24 of the SDmemory card 20 also stores the encrypted content data Enc (Kc: C) alongwith the content key data Kc. Another storage media other than the SDmemory card 20 may also store the encrypted content data. Theencryption/decryption portion 25 performs the authentication, keyexchange, and cipher communication between the protected area 23 and theoutside of the SD memory card 20. The encryption/decryption portion 25has a function of encryption/decryption.

For such a SD memory card 20, the handheld device 10 operates asfollows. The handheld device 10 performs, using a preset device key Kd,an MKB process on the key management information MKB read from thesystem area 21 of the SD memory card 20, thereby obtaining a media keyKm. The handheld device 10 then performs a hash process both on themedia key Km and on the media identifier IDm read from the system area21 of the SD memory card 20, thereby obtaining a media-specific key Kmu.

The handheld device 10 then uses the media-specific key Kmu as a basisto perform the authentication and key exchange (AKE) process with theencryption/decryption portion 25 of the SD memory card 20, therebysharing a session key Ks with the SD memory card 20. Note that theauthentication and key exchange process are successful and the sessionkey Ks is shared when the media-specific key Kmu in the hidden area 22that is referred to by the encryption/decryption portion 25 coincideswith the media-specific key Kmu generated in the handheld device 10.

The handheld device 10 then reads the encrypted user key Enc (Kmu, Ku)from the protected area 23 via the cipher communication using thesession key Ks. The handheld device 10 then decrypts the encrypted userkey Enc (Kmu, Ku) with the media-specific key Kmu, thereby obtaining theuser key Ku. The handheld device 10 finally reads the encrypted contentkey Enc (Ku, Kc) from the user data area 24 of the SD memory card 20.The handheld device 10 then decrypts the encrypted content key Enc (Ku,Kc) with the user key Ku, thereby obtaining the content key Kc. Thehandheld device 10 finally reads the encrypted content Enc (Kc, C) fromthe SD memory card 20. The handheld device 10 then decrypts theencrypted content Enc (Kc, C) with the content key Kc and plays theresulting content C.

The double-key encryption scheme provides the SD memory card 20 with theunique media identifier IDm and provides each media identifier IDm withthe specific user key Ku. The user key Ku is also encrypted and storedin the protected area 23 of the SD memory card 20. The user key Ku maybe encrypted depending on the media identifier IDm. A valid player mayonly decrypt the user key Ku. An intruder that illegally copies only thecontent key Kc from the user data area 24 may thus not acquire thecontent.

From the content delivery provider, the user purchases the content keydata Kc and acquires the encrypted content data Enc (Kc: C) in variousways. The encrypted content data Enc (Kc: C) may be decrypted with thecontent key data Kc. The content key data Kc itself has a small dataamount. The handheld device 10 may thus receive the content key data Kcthrough data communication via the narrow band network N1 (such as themobile phone network) between the handheld device 10 and server 40.After receiving the content key data Kc, the handheld device 10 encryptsit with the user key Ku and stores it in the user data area 24 of the SDmemory card 20. The content data C usually has a data amount of a fewMegabytes or more. It is thus difficult for the handheld device 10 totransmit or receive the content data C in the narrow band environment.In this embodiment, therefore, the handheld device 10 receives thecontent data C via the store terminal 30. The user thus receives variousdata from the store terminal 30. The store terminal 30 in turn receivesvarious data from the server 40 via the network N2 that is the broadbandnetwork.

The store terminal 30 is provided, for example, at a convenience store,a gas station, a bookstore or the like across the country. The storeterminal 30 is an online terminal for services such as the sale andpayment of various tickets or the like. The store terminal 30 includes adisplay portion 31 such as the touch panel display, and a slot 32 intowhich the SD memory card 20 is inserted after being removed from thehandheld device 10. In parallel with or instead of the slot 32, an endterminal or the like may be provided to which the handheld device 10itself is connected via the USB cable or the like. Note that the networkN2 may include a variety of networks other than the Internet, such as anintranet, an extranet, a leased line, or a virtual private network(VPN).

In the content data delivery system of this embodiment, after the useris registered as a member, the store terminal 30 and server 40 provide amanagement service for the content data about the content key data Kcthat user has already purchased and stored in the SD memory card 20.Specifically, the display portion 31 of the store terminal 30 providesinformation about, among all content key data Kc already purchased,whose corresponding content data is also already stored in the SD memorycard 20 or in other storage media coupled to the SD memory card 20. Theuser may refer to the information described above to understand thecontent data that is currently playable in the user's own handhelddevice 10 and the content data that the user may use again withoutpayment by redownloading it or the like. Note that it is supposed thatthe member registration is performed by providing the handheld-deviceidentifier IDc and media identifier IDm in various ways. Thehandheld-device identifier IDc acts as the identifier about the handhelddevice. The various ways include, for example, by user's accessing theserver 40 from the handheld device 10 via the mobile phone network, byusing the store terminal 30, and by mail. The handheld-device identifierIDc may be an identifier that identifies the handheld device 10 itself,or an identifier that identifies the user of the handheld device 10.

In the content data delivery system of this embodiment, after the useris registered as a member, the store terminal 30 and server 40 provide aservice where the user may have an unlimited number of downloads at nocharge (except the monthly membership fee after the member registration)of the content data whose content key data is already purchased by theuser. Note that the content data that the user newly purchases, in otherwords, the content data whose content key data has not been purchased bythe user may be acquired along with the content key data by making apredetermined payment by cash payment at the store or by using variousonline and offline ways (such as the credit card, prepaid card, additionto the mobile phone bill). Another service may also be provided wherethe user may download only the encrypted content data before purchasingthe content key data. Subsequently purchasing the content key data mayplay the encrypted content data. Note that in the service describedabove, the user may preferably have a limited number of downloads of theencrypted content data before purchasing the content key data in orderto prevent the abuse and copyright infringement or the like due to theillegal decryption of the encrypted content data or the like.

In the content data delivery system of this embodiment, after the useris registered as a member, the store terminal 30 and server 40 provide aservice that may store and manage the content key data that is alreadypurchased by the user, and that may allow the user to redownload anaccidentally deleted content key data.

FIG. 2 is a block diagram of the internal configuration of the storeterminal 30. The store terminal 30 includes a control portion 33 thatcontrols the entire device, a display control portion 34 that controlsthe display condition of the display portion 31, an SD card processingportion 35 that reads or writes data to the SD memory card 20, acommunication control portion 36 that controls the data communicationwith the server 40, and a memory 37 that stores various programsincluding a content data delivery program and various data or the like.

The server 40 performs, in response to a data query request or a datatransfer request from the store terminal 30, a variety of dataprocessings such as searching a data related to the query request ortransmitting a data related to the transfer request. As an example, thestore terminal 30 sends a query request to the server 40 to determinewhether the data already registered as a member includes the mediaidentifier IDm of the SD memory card 20 in process. The server 40 isconnected to a variety of databases, including a member-registrationinformation database 41, a media identifier database 42, ahandheld-device identifier database 43, a content database 44, acontent-bibliography information database 45, a content key database 46,and a member content-key database 47.

The member-registration information database 41 holds themember-registration information of the user who applies for the use ofthe specific service provided by the content data delivery system of thepresent embodiment. Referring to FIG. 3, the member-registrationinformation includes the member number of the user, the handheld-deviceidentifier IDc, and the media identifier IDm of the SD memory card 20used in the handheld device 10. Note that the member registration may beperformed in any suitable manner such as by user's accessing the server40 from the handheld device 10 via the mobile phone network, by usingthe store terminal 30, or by mail.

The media identifier database 42 holds the data of the media identifierIDm held by each SD memory card 20. The handheld-device identifierdatabase 43 holds the data of the handheld-device identifier IDc. Thecontent database 44 holds the content data after being encrypted withthe corresponding content key data. The content database 44 holds thecontent data in such a way that the content data corresponds to thecontent ID or the like. The content-bibliography information database 45holds the bibliography information (such as the title and artist name)of the content data. The content-bibliography information database 45holds the bibliography information in such a way that the informationcorresponds to the content key data and content ID or the like. Thecontent key database 46 holds various content key data with which thecontent data is encrypted. Referring to FIG. 4, the member content-keydatabase 47 holds a bunch of the user's content key data. The membercontent-key database 47 holds the bunch of data in such a way that thebunch corresponds to the member number of the user, handheld-deviceidentifier IDc, or media identifier IDm of the SD memory card 20 used inthe handheld device 10. This database may be used, when the userregistered as the member of the system of the present embodiment hasaccidentally deleted the content key data of the SD memory card 20, toredownload the content key data on the basis of the member registrationdata.

Referring to the flowchart in FIG. 5, a description is now given of theprocedure for using the content data delivery system of the presentembodiment. First, the user removes the SD memory card 20 from thehandheld device 10 and inserts the card into the slot 32 of the storeterminal 30 (S11). The display portion 31 displays, for example, a mainmenu screen as shown in FIG. 6. The input device (such as the touchpanel) of the store terminal 30 is used to select, for example, the menuof “CONTENT DATA MANAGEMENT AND RE-DOWNLOAD” (S12).

The store terminal 30 then accesses the system area 21 of the SD memorycard 20 inserted into the slot 32, thereby reading the media identifierIDm of the SD memory card 20 (S13). The store terminal 30 then queriesthe server 40 for the presence of the member-registration informationabout the read media identifier IDm (S14). The server 40 verifies themedia identifier IDm included in the query request with themember-registration information database 41, and returns the storeterminal 30 information on whether the corresponding member-registrationinformation exists. If no corresponding member-registration informationexists (“NO” in S 15), then the store terminal 30 displays a messagerecommending the member-registration on the display portion 31 (S16). Ifthe corresponding member-registration information exists, then the storeterminal 30 accesses the user data area 24 of the SD memory card 20 andreads the content key data Kci stored in the SD memory card 20 (S 17).The store terminal 30 then reads the content bibliography informationcorresponding to the content data Kci from the content-bibliographyinformation database 45 (S18). The store terminal 30 then accesses theuser data area 24 again to check whether the user data area 24 storesthe encrypted content data Ci corresponding to the read content key dataKci. The store terminal 30 then displays on the display portion 31 thelist of the content bibliography information along with information onwhether the content data Ci exists in the SD memory card 20 (S 19). FIG.7 shows an example of the display on the display portion 31. The displayportion 31 displays the bibliography items (such as the title, artistname, and category), which are read as the content bibliographyinformation, along with information (data “Yes” or NO″) on whether thecontent data Ci exists in the SD memory card 20. The user may see thescreen to know what kind of content the content key data owned by theuser relates to, or what content data the SD memory card 20 actuallystores. The user may thus manage his or her own content data on thestore terminals 30 existing all over the country, just like the usermanages the own content data at home using his or her personal computerusing a content data management software or the like.

The content data with “NO” displayed on the display portion 31 has anicon of “re-download” displayed next to the “NO.” Selection of the“re-download” icon (S20) makes the store terminal 30 transfer therequest to the server 40. In response, the server 40 transfers thecontent data Enc (Kci: Ci) encrypted with the content key data Kci tothe store terminal 30. The store terminal 30 writes the encryptedcontent data Enc (Kci: Ci) into the user data area 24 of the SD memorycard 20 (S21). The user may thus play and enjoy the content data Ci onthe handheld device 10 or the like. After the writing is completed, thefield of “DATA” corresponding to the content data Ci changes from “NO”to “YES,” and the icon of “re-download” disappears, as shown in FIG. 8.To continuously redownload another content data, the procedure describedabove may be repeated. The re-download may be ended by selecting the“END” icon 302 in the lower right of the screen (S24).

In this way, the user may store in the SD memory card 20 a large numberof content key data each having a small data volume, while the user maystore in the SD memory card 20 only the portion of the large-volumecontent data that the user wants to play now. The user may exchange thecontent data by enjoying the service described above at the store withthe store terminal 30 provided therein. The user may thus manage a largeamount of content data only using the handheld device 10 without havinga personal computer at home and may exchange the content data anywhereand any time. No security problems will arise because the servicedescribed above is only provided to the user that has been registered asa member using the handheld-device identifier and media identifier.

Note that selection of the icon 301 of “RE-DOWNLOAD OF CONTENT KEY” inthe lower right of the screen in FIG. 7 (S22) may redownload the contentkey data from the content key database 47 (S23).

While the invention has been described with reference to a particularembodiment thereof, it is not limited to the embodiment. It will beunderstood that various modifications, replacements, additions and thelike may be made without departing from the sprit of the invention.Although, for example, the embodiment described above has shown only oneserver 40, there may be provided a plurality of distributed servers thatare connected with each other. A portion of the content data, forexample, the salable content data may be stored in the memory 37 by thestore terminal 30 itself, and may be redownloaded without datacommunication. Each store terminal 30 may exchange data with each other.The server 40 may only perform, the above-described re-download (lockerservice) of the content data provided by a plurality of servers managedby a plurality of different content-data-delivery providers. Althoughthe embodiment described above has described an example where variousdata are obtained from the store terminal 30, the data may be obtained,for example, as shown in FIG. 9, by using a personal computer 50connected to the server 40 via the network N2 such as the internet, andby obtaining the same service via the World Wide Web (WWW) or the likeas obtained from the store terminal 30. The personal computer 50 maybelong to the user or to others such as in the Internet cafe.

Instead of or along with inserting the SD memory card 20 into the SDmemory card slot 32, the handheld device 10 with the SD memory card 20already inserted thereinto may be connected to the store terminal 30 viathe USB cable or the like. In this case, instead of the SD memory card20 storing the redownloaded content data, a different storage mediastored in the mobile phone 10 may store the redownloaded content data.Further, the storage condition of the corresponding content data may bedetermined by searching and making determination on the relevantdifferent storage media coupled to the SD memory card 20.

The member registration may be performed by registering a plurality ofmedia identifiers of a plurality of SD memory cards for thehandheld-device identifier of one handheld device 10. After the memberregistration is completed, additional registration of another card maybe accepted. The fee after the member registration may be set in variousways, such as a fixed fee for any number of downloads, and a basic feefor a predetermined number of downloads and an additional feeproportional to the number of excess downloads.

Note that in the content data delivery system of the present embodiment,the new content data may be purchased by two methods: (1) transmittingdirectly to the store terminal 30 one that the user wants to purchaseamong the encrypted content data Enc (Kc: Ci) stored in the contentdatabase 44; and (2) storing in the content database 44 the raw contentdata Ci before encryption, and encrypting the content data Ci afterreading the corresponding content key data Kci from the content keydatabase 46, and transmitting the encrypted content data Ci to the storeterminal 30.

1. A content data delivery system configured to be able to delivervarious data to a handheld device and to make content data available inthe handheld device, the handheld device being configured to beconnectable to a storage medium that holds a medium identifier and holdscontent key data used to decrypt encrypted content data, the contentdata delivery system comprising: a member-registration informationdatabase that holds member-registration information including a datapair of a handheld-device identifier related to the handheld device andthe medium identifier; a member content-key database that holds acontent key data held in the storage medium, a verification portion thatverifies the medium identifier held in the storage medium with themember-registration information database; a storage conditiondetermination portion that, when the verification portion determinesthat the medium identifier corresponds to the member-registrationinformation, determines whether an encrypted content data correspondingto the content key data held in the member content-key database isstored in the storage medium or other storage medium coupled to thestorage medium; and a transfer portion that transfers the encryptedcontent data to the storage medium or the other storage medium dependingon an instruction from a user of the storage medium.
 2. The content datadelivery system of claim 1, wherein encrypted content data correspondingto content key data not held in the storage medium is accepted at a sametime as or before acquirement of the content key data up to apredetermined number of times.
 3. The content data delivery system ofclaim 1, further comprising a display that displays a determinationresult of the storage condition determination portion.
 4. A content datadelivery system configured to be able to deliver various data to ahandheld device and to make content data available in the handhelddevice, the handheld device being configured to be connectable to astorage medium that holds a medium identifier and holds content key dataused to decrypt encrypted content data, the content data delivery systemcomprising: a member-registration information database that holdsmember-registration information including a data pair of ahandheld-device identifier related to the handheld device and the mediumidentifier; a verification portion that verifies the medium identifierheld in the storage medium with the member-registration informationdatabase; a storage condition determination portion that, when theverification portion determines that the medium identifier correspondsto the member-registration information, determines whether an encryptedcontent data corresponding to the content key data is stored in thestorage medium or other storage medium coupled to the storage medium;and a transfer portion that transfers the encrypted content data to thestorage medium or the other storage medium depending on an instructionfrom a user of the storage medium.
 5. The content data delivery systemof claim 4, wherein encrypted content data corresponding to content keydata not held in the storage medium is accepted at a same time as orbefore acquirement of the content key data up to a predetermined numberof times.
 6. The content data delivery system of claim 4, furthercomprising a display that displays a determination result of the storagecondition determination portion.